I would like to run a script after a user login. This script, using his kerberos tickets, will mount an SMB share.
Under RedHat 7 I could simply call the script from /etc/gdm/PreSession/Default
and it would run fine. It would even preserve the $KRB5CCNAME
when running the script while elevated (this variable is kept via a Defaults env_keep += "KRB5CCNAME"
under sudoers.d
.
Under Ubuntu 18.04 we use a service under /etc/systemd/user
, which would use the ticket whenever there is a ticket.
With other words, under RHEL7 and Ubuntu, we could use the tickets even when elevated via sudo, either by running a user service or by calling the script from /etc/gdm/PreSession/Default
.
Under RHEL8 we can't see the variable, neither when running the user service, nor when running it when calling it from /etc/gdm/PreSession/Default
. When I log in as the user, I can see the variable, even when using sudo
, so the environment variable is kept, but somehow it isn't available for the service nor for that script.
Could anyone help me how to fix this? I think I read somewhere that this might have something to do with how gdm
is started under rhel8, but I'm not sure if that's the problem.
UPDATE: I see now that the scripts under /etc/gdm/PreSession/Default
execute as root
. I had the impression that they were executed as the user.
UPDATE2: It seems that I can use tickets anyway. I was assuming that they were not there, just because the $KRB5CCNAME
was unset. But running a command that required the tickets worked anyway.
0 Answers